Study: It might not be fair, but customers lose faith in phished brands

Companies work hard to build brand strength and customer trust, but a new …

"Bank of America reminder: confirm your account details." We've all gotten those e-mails from just about every real (and fake) bank in the world. But the messages that most of us pass off as pathetic spam and phishing attempts can really hurt the brands they impersonate. 42 percent of adults in the UK feel that their trust in a brand would be greatly reduced by receiving a phishing e-mail claiming to be from that brand, according to an online survey conducted by research firm YouGov.

The survey, conducted among 1,960 adults this month on behalf of Cloudmark Inc., showed that phishing had an effect on consumers' perceptions of companies. Banks suffered the most: 41 percent said that their trust in a bank would be reduced by phishing attempts, while 40 percent felt the same for an ISP, 36 percent for an online shopping site, and 33 percent for a social networking site.

The results come as bad news to companies that fight tooth and nail to maintain brand strength and customer trust, only to have it chipped away by phishing scams. "What is interesting to note from these results is that well-known brands are also suffering, with phishing attacks having a detrimental effect on their reputation," Cloudmark UK technology chief Neil Cook said in a statement. "This knock-on effect will be particularly worrying for the banks, who rely on a high degree of trust with their customers."

Dear phishers: DIAF!

On the flip side, consumers acknowledge that they are responsible for protecting themselves against such scams, or at least some of them do. Just over a quarter of those surveyed said that they were the most responsible for protecting themselves from phishing attacks, with another 23 percent holding their ISPs responsible. 17 percent of the survey respondents said that the sender's ISP held the greatest responsibility in stopping the e-mails from going out.

Cloudmark said that .uk domains are the most targeted by phishing attacks in Europe, and that phishing techniques are becoming more sophisticated. Instead of just sending out an e-mail with a link to a spoofed web site, attackers are increasingly using cheap VoIP systems to field faux customer service calls. Once they obtain the customer's user ID and PIN, the attackers can turn around and sell access to the account to the highest bidder.

As usual, the companies advise customers to practice what we call "skeptical computing." This includes avoiding opening e-mails from unknown senders, not opening unsolicited attachments, using different passwords for different sites (and changing them often), and using a good spam filter. Customers should also be wary of e-mails claiming to be from a bank, PayPal, or MySpace. One old tip that comes from PayPal scams of yore is to avoid clicking on the link provided in the e-mail and instead type the URL manually into the browser window to access your account.